How to demonstrate you’re ready for GDPR
February 24, 2018 | By vicki
Ask yourself these 12 key questions to develop a business-specific data management plan that will help your organisation get GDPR ready:
- Obligations. Do I understand my organisation’s privacy obligations and risks, and is our data compliance strategy fit for purpose?
- Impact. Do I understand how GDPR impacts my organisation? Are Data Processors (DPs) fully educated on their responsibilities to fulfil the requirements?
- Data Protection Impact Assessments (DPIAs). As a starting point for GDPR, have we undertaken a DPIA? Are we undertaking these on a regular basis?
- Decision-making. Am I making sound decisions and plans around business initiatives and the technology required to manage data and personally identifiable information (PII)?
- Personally Identifiable Information (PII). Have I got a clear view of the personal information we process, who is processing it, where it is kept and the purpose for which it is used?
- Increased rights for data subjects. Is there an appreciation of the fact that data subjects/individuals have increased rights and can make requests about the data we hold on them?
- Consents. Do we have the required consents from data subjects/individuals to hold and process their data?
- Transparency. Are we clear and transparent with our privacy notices, contracts, etc.?
- Data management. Do I have transparent data correction, withdrawal, transfer, processing and compensation measures in place?
- Suppliers. Do I monitor internal and third-party supplier data compliance, privacy and security to protect my organisation?
- Processes. Am I confident we have the processes to foresee a data breach and manage this in accordance with GDPR requirements?
- Resources. Do I need a Data Protection Officer (DPO)?
How we can help
IASME (Information Assurance for SMEs) Governance Accreditation is a straightforward and cost-effective alternative to ISO 27001 that incorporates UK Government-backed standards for Information Governance, baseline IT security and GDPR Readiness.
Once certified, you receive badges that you can place on your website and communications to reassure your supply chain that you will not expose them to any undue security or GDPR risks.
In our capacity as an IASME accredited certification body, we can help you achieve your certification quickly and effectively. We offer a range of competitively priced IASME Packages to suit your budget, timeframe and level of experience.
Prices start from just £400.